Warning: OpenClaw Gateway has a high-risk vulnerability. Please upgrade to version 2026.2.25 or later immediately.

CoinFeed reported on March 2nd that the GoPlus Chinese community issued a warning about a high-risk vulnerability in the OpenClaw Gateway. Users are urged to immediately upgrade to version 2026.2.25 or higher and audit and revoke any unnecessary credentials, API keys, and node permissions granted to Agent instances. The analysis states that OpenClaw operates through a WebSocket Gateway bound to the local host. This Gateway, as the core coordination layer for the Agent, is a crucial component of OpenClaw. This attack targets a weakness in the Gateway layer, requiring only one condition: the user visits a malicious website controlled by the hacker in their browser.